Investigations on a Pedagogical Calculus of Constructions

Loic Colson
(LITA, University Paul Verlaine - Metz, France
colson@univ-metz.fr)

Vincent Demange
(LITA, University Paul Verlaine - Metz, France
demange@univ-metz.fr)

Abstract: In the last few years pedagogical propositional natural deduction systems have appeared. In these systems, one must satisfy the pedagogical constraint: the user must give an example of any introduced notion. In formal terms, for instance in the propositional case, the main modification is that we replace the usual rule (hyp) by the rule (p-hyp)

$$\frac{F \in \Gamma}{\Gamma \vdash F}\ (\mathrm{hyp}) \qquad\qquad \frac{F \in \Gamma \qquad \vdash \sigma \cdot \Gamma}{\Gamma \vdash F}\ (\text{p-hyp})$$

where $\sigma$ denotes a substitution which replaces variables of $\Gamma$ with an example. This substitution $\sigma$ is called the motivation of $\Gamma$.

First we expose the reasons for such a constraint and the properties of these "pedagogical" calculi: the absence of negation on the logical side, and the "usefulness" feature of terms on the computational side (through the Curry-Howard correspondence). Then we construct a simple pedagogical restriction of the calculus of constructions (CC) called $\mathrm{CC}_r$. We establish logical limitations of this system, and compare its computational expressiveness to Gödel's system T.

Finally, guided by the logical limitations of $\mathrm{CC}_r$, we propose a formal and general definition of what a pedagogical calculus of constructions should be.

Key Words: mathematical logic, negationless mathematics, constructive mathematics, typed lambda-calculus, calculus of constructions, pedagogical system.

Category: F.1.1, F.4.1



1 Introduction and Motivations

1.1 The pedagogical constraint

Recently the articles [Colson and Michel(2007), Colson and Michel(2008), Colson and Michel(2009)] appeared in print, introducing pedagogical natural deduction systems and pedagogical typed λ-calculi. The main feature of these systems is that any proof (or any program) must satisfy the so named pedagogical constraint: in natural deduction systems (for instance) the rule (hyp) is replaced by (p-hyp)

$$\frac{F \in \Gamma}{\Gamma \vdash F}\ (\mathrm{hyp}) \qquad\qquad \frac{F \in \Gamma \qquad \vdash \sigma \cdot \Gamma}{\Gamma \vdash F}\ (\text{p-hyp})$$

where $\sigma$ denotes a substitution which replaces propositional variables of $\Gamma$ with an example, and $\vdash \sigma \cdot \Gamma$ stands for the derivations of those substituted formulas.

The idea of such a constraint is that, in order to assume a set $\Gamma$ of hypotheses, one must first provide a "motivation" (the substitution $\sigma$ under consideration) in which the set of hypotheses is fulfilled. In doing so, we can always exemplify introduced hypotheses. This is the formal counterpart of the usual informal teaching practice, consisting in giving examples of objects satisfying the assumed properties. This last point is a justification of the terminology pedagogical systems, and the necessity of such a constraint was already observed by [Poincaré(1913)] [see Section 3.1].

1.2 The pedagogical minimal propositional calculus

In [Colson and Michel(2007)], the minimal propositional calculus over $\to$, $\vee$ and $\wedge$ has been constrained as previously explained. It is shown in the article that the resulting calculus (P-MPC) is equivalent to the original one: a judgment $\Gamma \vdash F$ is derivable in the usual system (MPC) if and only if it is derivable in its pedagogical version (P-MPC).

1.3 The pedagogical second-order propositional calculi

The case of the second-order propositional calculus ($\mathrm{Prop}^2$) is considered in [Colson and Michel(2008)]. Constraining only the rule of hypothesis as above, one is led to a weakly pedagogical second-order calculus ($\text{P}_s\text{-Prop}^2$), where the rules dealing with quantification are the usual ones:

$$\frac{\Gamma \vdash F \qquad \alpha \notin \mathcal{V}(\Gamma)}{\Gamma \vdash \forall\alpha.F}\ (\forall_i) \qquad\qquad \frac{\Gamma \vdash \forall\alpha.F}{\Gamma \vdash F[\alpha \leftarrow U]}\ (\forall_e)$$

The same remark as above holds for this calculus, but it is not stable by normalization of proofs. Indeed, it is shown that $\bot \to \bot$ is derivable in $\text{P}_s\text{-Prop}^2$ (where $\bot$ stands for $\forall\alpha.\alpha$):

1. $\beta \vdash \beta$ ($\beta$ is motivable)
2. $\vdash \beta \to \beta$ ($\to_i$ 1)
3. $\vdash \forall\beta.\beta \to \beta$ ($\forall_i$ 2)
4. $\vdash \bot \to \bot$ ($\forall_e$ 3)

But a normal form of this proof must end with a ($\to_i$) rule on $\bot$, which is impossible since $\bot$ is not motivable. Hence the normal form of this proof is not a proof of $\text{P}_s\text{-Prop}^2$.



This motivates the more constrained system $\text{P-Prop}^2$ where the ($\forall_e$) rule has been replaced by

$$\frac{\Gamma \vdash \forall\alpha.F \qquad \vdash \sigma \cdot U}{\Gamma \vdash F[\alpha \leftarrow U]}\ (\text{p-}\forall_e)$$

It is shown about this system that the usual second-order encoding of the connectives $\vee$ and $\wedge$ essentially works, but it must be observed that the $\vee_i$ rule (at right for instance) becomes:

$$\frac{\Gamma \vdash A \qquad \vdash \sigma \cdot B}{\Gamma \vdash A \vee B}\ (\vee_{ir})$$

The main result concerning $\text{P-Prop}^2$ is that there exists a translation $F \mapsto F'$ inspired by the A-translation of [Friedman(1978)] such that: $\Gamma \vdash F$ is derivable in $\mathrm{Prop}^2$ if and only if $\Gamma' \vdash F'$ is derivable in $\text{P-Prop}^2$.

1.4 The pedagogical second-order λ-calculus

Through the Curry-Howard isomorphism, the previous work about the second-order propositional calculus is extended in [Colson and Michel(2009)] to the second-order λ-calculus. The system is shown to be stable by reduction (i.e. it enjoys the so-called subject reduction property). An important feature for a λ-calculus is defined: the usefulness of functions. It means that every typable function in this pedagogical λ-calculus can be applied to a term: if $\vdash f : A \to B$, then there is a substitution $\sigma$ such that $\sigma \cdot A$ is inhabited. Indeed, pedagogical λ-calculi do not allow one to write useless programs, which are not needed.

1.5 The calculus of constructions

The calculus of constructions (CC) was first introduced in [Coquand and Huet(1984), Coquand(1985)]: it is a λ-calculus which encompasses higher-order λ-calculi and calculi with dependent types. It is then natural to extend the previous works on "pedagogization" to CC with the aim of obtaining a uniform treatment of pedagogical λ-calculi.

1.6 Organization of the article

The paper is organized as follows: in section 2 we recall the usual notations for the calculus of constructions (CC); in section 3 we introduce the main criterion for a subsystem of CC to be pedagogical, we discuss the impossibility of a straightforward modification of CC, and we propose a better one; then in section 4 we show that this restriction meets this criterion; we present some limitations of it on the logical and computational sides in sections 5 and 6; finally we conclude with the first formal definition of a pedagogical subsystem of CC.



2 Background and Notations

In this section, we briefly recall the usual definitions and notations about the calculus of constructions CC.

We try to use $x, y, ..$ as symbols for variables, $u, v, w, t, ..$ to denote terms, and $A, B, ..$ for types and formulas.

$\equiv$ is the syntactical equality of terms¹. We denote by $\to_\beta$ the usual beta-reduction relation between terms; $\twoheadrightarrow_\beta$ its reflexive and transitive closure; and $=_\beta$ its equivalence closure. $\mathcal{V}(t)$ is the set of free variables of $t$. $t$ is said to be closed if $\mathcal{V}(t) = \emptyset$. $t[x \leftarrow u]$ is the usual substitution of $u$ for $x$ in $t$; and $t[x_1, .., x_n \leftarrow u_1, .., u_n]$ is the simultaneous substitution of $u_1$ for $x_1$, $u_2$ for $x_2$, etc. To shorten notations, we use a vector symbolism: $\vec t$ denotes the sequence of terms $t_1, .., t_n$; and $\forall \vec x^{\vec A}.B$ denotes $\forall x_1^{A_1}..\forall x_n^{A_n}.B$.

There are two kinds of judgments: $\Gamma\ \mathrm{wf}$ means that the environment $\Gamma$ is syntactically well-formed, and $\Gamma \vdash t : A$ expresses that the term $t$ is of type $A$ in the environment $\Gamma$. Implicitly $\Gamma \vdash A : \kappa$ signifies that there exists $\kappa \in \{\mathrm{Prop}, \mathrm{Type}\}$ such that this previous statement holds. $\Gamma \vdash t : A : \kappa$ is the contraction of $\Gamma \vdash t : A$ and $\Gamma \vdash A : \kappa$. As usual, $A \to B$ is a shortcut notation for $\forall x^A.B$ when $x$ does not appear in $B$.

The rules of CC are presented in [Fig. 1]: a close presentation can be found in [Bunder and Seldin(2004)] (without the well-formed judgment), or in [Coquand(1986), Barendregt(1992)].

Beta-reduction is known to be confluent and the terms of this calculus to be strongly normalizing [Barendregt(1992)].

In the sequel we shall need the following elementary results (proofs in [Coquand(1985), Barendregt(1992)]):

Lemma 1. If $\Gamma\ \mathrm{wf}$ holds, then $\mathrm{Type} \notin \Gamma$ (the constant Type never appears in any well-formed environment). And if $\Gamma \vdash t : A$ holds, then $\mathrm{Type} \notin \Gamma \cup \{t\}$.

Lemma 2. If $\Gamma \vdash t : A$ holds, then $A \equiv \mathrm{Type}$ or $\Gamma \vdash A : \kappa$.

Proposition 3. (i) If $\Gamma, x : A, \Gamma'\ \mathrm{wf}$ and $\Gamma \vdash u : A$ hold, then $\Gamma, \Gamma'[x \leftarrow u]\ \mathrm{wf}$ also holds.

(ii) If $\Gamma, x : A, \Gamma' \vdash t : B$ and $\Gamma \vdash u : A$ hold, then $\Gamma, \Gamma'[x \leftarrow u] \vdash t[x \leftarrow u] : B[x \leftarrow u]$ holds.

¹ As in [Coquand(1989)], we assume De Bruijn indexes for bound variables and identifiers for free variables. So there is no need for an α-conversion notion.


$$\frac{}{\ \mathrm{wf}\ }\ (\mathrm{env}_1) \qquad\qquad \frac{\Gamma \vdash A : \kappa \qquad x \notin \mathcal{V}(\Gamma)}{\Gamma, x : A\ \mathrm{wf}}\ (\mathrm{env}_2)$$

$$\frac{\Gamma\ \mathrm{wf}}{\Gamma \vdash \mathrm{Prop} : \mathrm{Type}}\ (\mathrm{ax}) \qquad\qquad \frac{\Gamma, x : A, \Gamma'\ \mathrm{wf}}{\Gamma, x : A, \Gamma' \vdash x : A}\ (\mathrm{var})$$

$$\frac{\Gamma, x : A \vdash u : B : \kappa}{\Gamma \vdash \lambda x^A.u : \forall x^A.B}\ (\mathrm{abs}) \qquad\qquad \frac{\Gamma, x : A \vdash B : \kappa}{\Gamma \vdash \forall x^A.B : \kappa}\ (\mathrm{prod})$$

$$\frac{\Gamma \vdash u : \forall x^A.B \qquad \Gamma \vdash v : A}{\Gamma \vdash u\,v : B[x \leftarrow v]}\ (\mathrm{app}) \qquad\qquad \frac{\Gamma \vdash t : A \qquad \Gamma \vdash A' : \kappa \qquad A =_\beta A'}{\Gamma \vdash t : A'}\ (\mathrm{conv})$$

where $\kappa$ stands for Prop or for Type.

Figure 1: Inference rules of CC



3 Pedagogizing CC

3.1 The Poincaré criterion

Let us recall the necessity of the pedagogical constraint, here in the case of definitions by postulate, by the following quotation:

A definition by postulate has value only when the existence of the object defined has been proved. In mathematical language, this means that the postulate does not imply a contradiction; we do not have the right to neglect this condition. Either it is necessary to admit the absence of contradiction as an intuitive truth, as an axiom, by a kind of act of faith — but then it is necessary to realize what we are doing and to remember that we have extended the list of indemonstrable axioms — or else it is necessary to construct a formal proof, either by means of examples or by the use of reasoning by recurrence. Not that this proof is less necessary when a direct definition is involved, but it is generally easier.

Henri Poincaré - Last thoughts [Poincaré(1913)]

In CC, a definition by postulate of an object $x$ may be seen as an environment containing $x$ followed by hypotheses about $x$. For instance,

Let $x$ be a natural number verifying $P(x)$ and $Q(x)$.

is formally represented in CC by the following environment

$$x : \mathrm{N},\ H_1 : P(x),\ H_2 : Q(x)$$

Poincaré pointed out that such a set of hypotheses is an admissible definition by postulate of $x$ only if we are able to exhibit a natural satisfying both predicates $P$ and $Q$. In other words, the types $P(x)$ and $Q(x)$ must be inhabited for a given $x$ (say $n$) in CC. Namely the following statements must hold:

$$\vdash n : \mathrm{N} \qquad \vdash t_1 : P(n) \qquad \vdash t_2 : Q(n)$$

If this is not possible (i.e. there is no such $n$, $t_1$ or $t_2$) then the definition is meaningless and should be avoided.

Let us generalize to any environment:

Definition 4 (Poincaré criterion). The environment $x_1 : A_1, .., x_n : A_n$ is respectful of the Poincaré criterion only if there exist terms $t_1, .., t_n$ such that the following judgments are derivable:

$$\vdash t_1 : A_1 \qquad \vdash t_2 : A_2[x_1 \leftarrow t_1] \qquad \cdots \qquad \vdash t_n : A_n[x_1, .., x_{n-1} \leftarrow t_1, .., t_{n-1}]$$

A formal system is said to meet the Poincaré criterion only if every well-formed environment is respectful of the Poincaré criterion.
3.2 On the naive extension of previous work

In the previous works on pedagogization [see section 1], each environment is motivated before being used. It is then immediate that each used environment can be motivated, hence such a system trivially satisfies the Poincaré criterion. Unfortunately such a simple adjustment can not be performed in CC.

The straightforward extension of the previous work to CC can be summed up by the following changes:

— remove the ($\mathrm{env}_1$) and ($\mathrm{env}_2$) rules;

— replace the (ax) and (var) rules by these ones:

$$\frac{\sigma \cdot \Gamma}{\Gamma \vdash \mathsf{o} : \mathsf{T} : \mathrm{Prop} : \mathrm{Type}}\ (\mathrm{ax}) \qquad\qquad \frac{\sigma \cdot (\Gamma, x : A, \Gamma')}{\Gamma, x : A, \Gamma' \vdash x : A}\ (\mathrm{var})$$

where

— $\sigma$ is the substitution $[x_1 \mapsto t_1; \ldots; x_n \mapsto t_n]$ when $\Gamma = x_1 : A_1, \ldots, x_n : A_n$, and $\sigma \cdot \Gamma$ denotes the judgments:

$$\vdash t_1 : A_1 \qquad \vdash t_2 : A_2[x_1 \leftarrow t_1] \qquad \cdots \qquad \vdash t_n : A_n[x_1, \ldots, x_{n-1} \leftarrow t_1, \ldots, t_{n-1}]$$

— $\mathsf{o}$ and $\mathsf{T}$ are two added constants in order to be able to begin derivations (like in [Colson and Michel(2009)]).

In this subsection, we refer to this system as P, and index its judgments by $p$.

P is not a subsystem of CC:

Lemma 5. The following derivations hold in P but not in CC:

(a) $x_1 : \mathrm{Type} \vdash_p \mathrm{Prop} : \mathrm{Type}$

(b) $x_1 : \mathrm{Prop},\ x_2 : (\lambda H^{\mathsf{T} \to x_1}.\mathsf{T})\,(\lambda y^{\mathsf{T}}.y) \vdash_p \mathrm{Prop} : \mathrm{Type}$

(c) $x_1 : \mathrm{N},\ x_2 : (\lambda H^{x_1 = 0}.\mathsf{T})\,(\lambda P^{\mathrm{N} \to \mathrm{Prop}}.\lambda H^{P\,0}.H) \vdash_p \mathrm{Prop} : \mathrm{Type}$

Proof. Proofs that the derivations hold in P are trivial as soon as we exhibit a motivation:

(a) $\sigma_1 := [x_1 \mapsto \mathrm{Prop}]$

(b) $\sigma_2 := [x_1 \mapsto \mathsf{T};\ x_2 \mapsto \mathsf{o}]$

(c) $\sigma_3 := [x_1 \mapsto 0;\ x_2 \mapsto \mathsf{o}]$

And it is easy to see that they are not derivable in CC:

(a) Type appears in an environment, which is forbidden in CC [see lemma 1];

(b) $(\lambda H^{\mathsf{T} \to x_1}.\mathsf{T})\,(\lambda y^{\mathsf{T}}.y)$ is ill-typed since the function waits for an element of type $\mathsf{T} \to x_1$, but an element of type $\mathsf{T} \to \mathsf{T}$ is given instead;

(c) same reason as for (b): the function waits for a proof of $x_1 = 0$, whereas a proof of $0 = 0$ is passed.

□

Remark. Those examples involve dependent types. It seems that this naive extension can work for $\lambda\omega$ [see [Michel(2008)]].

Remark. The first case can be avoided by enforcing the $A_i$ to be of type Prop or Type in the definition of $\sigma \cdot \Gamma$.

CC has the advantage that well-formed types are built into the system. So we just need to find which rules need to be constrained, and how, in order to avoid non-motivable types (i.e. empty types).



3.3 A simple attempt: $\mathrm{CC}_r$

In CC, we are able to introduce $\bot := \forall A^{\mathrm{Prop}}.A$ as an hypothesis if we have been able to derive $\bot$ as a type, which is allowed by the (prod) rule. Actually, the (prod) rule is the only one able to create vacuity, since the other rules construct types and an inhabitant of them simultaneously. We then impose products to always be inhabited by replacing the usual (prod) rule of CC by the following more restrictive one:

$$\frac{\Gamma, x : A \vdash_r t : B : \kappa}{\Gamma \vdash_r \forall x^A.B : \kappa}\ (\mathrm{prod}_r)$$

This rule may be condensed together with (abs) to obtain a rule with two conclusions. So the resulting calculus can be viewed as CC without the (prod) rule.

From now on we will refer to the resulting calculus as $\mathrm{CC}_r$, whose judgments will be indexed by $r$.

The usual properties of CC from [Coquand(1985)] still hold for this calculus, especially substitution (prop. 3 above), weakening and the well-known "subject reduction" (stability by reduction). These were formally checked in the Coq proof assistant by a straightforward adaptation of the work in [Barras(1996)].

Example of derivation in $\mathrm{CC}_r$

Lemma 6. The following rule is derivable:

$$\frac{\Gamma\ \mathrm{wf}_r}{\Gamma \vdash_r \mathsf{o} : \mathsf{T} : \mathrm{Prop}}$$

where $\mathsf{o} := \lambda A^{\mathrm{Prop}}.\lambda x^A.x$ and $\mathsf{T} := \forall A^{\mathrm{Prop}}.A \to A$.

Proof.

1. $\Gamma\ \mathrm{wf}_r$ (hyp)
2. $\Gamma \vdash_r \mathrm{Prop} : \mathrm{Type}$ (ax 1)
3. $\Gamma, A : \mathrm{Prop}\ \mathrm{wf}_r$ ($\mathrm{env}_2$ 2)
4. $\Gamma, A : \mathrm{Prop} \vdash_r A : \mathrm{Prop}$ (var 3)
5. $\Gamma, A : \mathrm{Prop}, x : A\ \mathrm{wf}_r$ ($\mathrm{env}_2$ 4)
6. $\Gamma, A : \mathrm{Prop}, x : A \vdash_r x : A : \mathrm{Prop}$ (var 5)
7. $\Gamma, A : \mathrm{Prop} \vdash_r \lambda x^A.x : A \to A : \mathrm{Prop}$ (abs+prod 6)
8. $\Gamma \vdash_r \lambda A^{\mathrm{Prop}}.\lambda x^A.x : \forall A^{\mathrm{Prop}}.A \to A : \mathrm{Prop}$ (abs+prod 7)

4 $\mathrm{CC}_r$ meets the Poincaré criterion

In this section we show that every type (term of sort Prop or Type) in a well-formed environment of $\mathrm{CC}_r$ is inhabited. A sketch of the proof is: we first notice that in $\mathrm{CC}_r$ every product is inhabited, then, because each closed type reduces to a product, we can inhabit every type of a well-formed environment (beginning with its leftmost type, which is closed).

Lemma 7. If $\Gamma \vdash_r \forall x^A.B : T$ holds, then there exist $\kappa$ and a term $t$ such that $\Gamma \vdash_r t : \forall x^A.B$ and $T =_\beta \kappa$.

Proof. By induction on the derivation: if the last used rule is (prod) then we build $t$ by the (abs) rule, and if it is (conv) then we apply the induction hypothesis to get $t$. □

Lemma 8. If $\Gamma \vdash_r B : \mathrm{Type}$ holds, then there exists a term $t$ such that $\Gamma \vdash_r t : B$ is derivable.

Proof. By cases on the last applied rule; the (ax) case is dealt with by lemma 6; the (var), (app) and (conv) cases are eliminated using lemmas 1 and 2; the (prod) case is trivial using the (abs) rule. □

Indeed, every element of type Type is syntactically of the form $\forall \vec x^{\vec A}.\mathrm{Prop}$, and then trivially inhabited by $\lambda \vec x^{\vec A}.\mathsf{T}$.

Lemma 9. If $\Gamma \vdash_r B : \forall \vec x^{\vec A}.\mathrm{Prop}$ holds with $B$ closed, then for all closed terms $w_1, \ldots, w_n$ verifying

$$\Gamma \vdash_r w_1 : A_1 \qquad \Gamma \vdash_r w_2 : A_2[x_1 \leftarrow w_1] \qquad \cdots \qquad \Gamma \vdash_r w_n : A_n[x_1, \ldots, x_{n-1} \leftarrow w_1, \ldots, w_{n-1}]$$

there exists a term $t$ such that

$$\Gamma \vdash_r t : B\,\vec w$$

Proof. Let us denote by $\|t\|$ the length of the longest reduction path from the term $t$ to its normal form (which exists because the terms of $\mathrm{CC}_r$ are strongly normalizing).

We proceed by induction on the lexicographical order of $\|B\,\vec w\|$ and the height of the derivation of $\Gamma \vdash_r B : \forall \vec x^{\vec A}.\mathrm{Prop}$.

Let us deal with the non-trivial cases (the others being mostly eliminated by lemmas 1 and 2):

(abs) If the last rule of the derivation is

$$\frac{\Gamma, x_1 : A_1 \vdash_r u : \forall x_2^{A_2} \ldots \forall x_n^{A_n}.\mathrm{Prop} : \mathrm{Type}}{\Gamma \vdash_r \lambda x_1^{A_1}.u : \forall \vec x^{\vec A}.\mathrm{Prop}}$$

Let $\vec w$ be the above closed terms. Substituting $w_1$ for $x_1$ in the premise, we obtain (property 3)

$$\Gamma \vdash_r u[x_1 \leftarrow w_1] : \forall x_2^{A_2[x_1 \leftarrow w_1]} \ldots \forall x_n^{A_n[x_1 \leftarrow w_1]}.\mathrm{Prop}$$

As $\|u[x_1 \leftarrow w_1]\,w_2 \ldots w_n\| < \|(\lambda x_1^{A_1}.u)\,w_1\,w_2 \ldots w_n\|$, and $u[x_1 \leftarrow w_1]$ is closed (since $\lambda x_1^{A_1}.u$ and $w_1$ are), we can apply the induction hypothesis to build a term $t$ such that $\Gamma \vdash_r t : u[x_1 \leftarrow w_1]\,w_2 \ldots w_n$, from which by the (conv) rule we finally get

$$\Gamma \vdash_r t : (\lambda x_1^{A_1}.u)\,\vec w$$

(app) If the last rule of the derivation looks like

$$\frac{\Gamma \vdash_r u : \forall y^C.\forall \vec x^{\vec D}.\mathrm{Prop} \qquad \Gamma \vdash_r v : C}{\Gamma \vdash_r u\,v : \forall \vec x^{\vec D[y \leftarrow v]}.\mathrm{Prop}}$$

where $\vec A \equiv \vec D[y \leftarrow v]$ and $B \equiv u\,v$.

Let $\vec w$ be the above terms. Since for every $i$, $x_i \notin \mathcal{V}(\vec w)$, we have

$$D_i[y \leftarrow v][x_1, .., x_{i-1} \leftarrow w_1, .., w_{i-1}] \equiv D_i[y, x_1, .., x_{i-1} \leftarrow v, w_1, .., w_{i-1}]$$

Noticing that we have $\|u\,v\,\vec w\| = \|(u\,v)\,\vec w\|$, we can then apply the induction hypothesis of the first premise on the terms $v, \vec w$ to obtain $t$ such that

$$\Gamma \vdash_r t : (u\,v)\,\vec w$$

(conv) If the last rule of the derivation is

$$\frac{\Gamma \vdash_r B : T \qquad \Gamma \vdash_r \forall \vec x^{\vec A}.\mathrm{Prop} : \mathrm{Type} \qquad T =_\beta \forall \vec x^{\vec A}.\mathrm{Prop}}{\Gamma \vdash_r B : \forall \vec x^{\vec A}.\mathrm{Prop}}$$

By lemma 2 on $\Gamma \vdash_r B : T$, we have three cases: $T \equiv \mathrm{Type}$, $\Gamma \vdash_r T : \mathrm{Prop}$ or $\Gamma \vdash_r T : \mathrm{Type}$. By confluence, the definition of beta-reduction, the properties of subject reduction and uniqueness of types, only $\Gamma \vdash_r T : \mathrm{Type}$ remains. Hence $T$ must be of the form $\forall \vec x^{\vec C}.\mathrm{Prop}$ where $\vec A =_\beta \vec C$.

Let $\vec w$ be the above terms. In order to apply the induction hypothesis on the first premise, it is necessary to show that

$$\Gamma \vdash_r w_1 : C_1 \qquad \Gamma \vdash_r w_2 : C_2[x_1 \leftarrow w_1] \qquad \cdots \qquad \Gamma \vdash_r w_n : C_n[x_1, \ldots, x_{n-1} \leftarrow w_1, \ldots, w_{n-1}]$$

First let us notice that since $\vec A =_\beta \vec C$, then for each $i$, $A_i[x_1, .., x_{i-1} \leftarrow v_1, .., v_{i-1}]$ is convertible with $C_i[x_1, .., x_{i-1} \leftarrow v_1, .., v_{i-1}]$. Also, because $\Gamma \vdash_r \forall \vec x^{\vec C}.\mathrm{Prop} : \mathrm{Type}$, for each $i$ there exists $\kappa$ such that $\Gamma, x_1 : C_1, .., x_i : C_i \vdash_r C_{i+1} : \kappa$. We can then proceed by induction on $n$:

1. $\Gamma \vdash_r w_1 : A_1$ (hyp)
2. $\Gamma \vdash_r C_1 : \kappa$
3. $A_1 =_\beta C_1$
4. $\Gamma \vdash_r w_1 : C_1$ (conv 1 2 3)
5. $\Gamma \vdash_r w_2 : A_2[x_1 \leftarrow w_1]$ (hyp)
6. $\Gamma, x_1 : C_1 \vdash_r C_2 : \kappa$
7. $\Gamma \vdash_r C_2[x_1 \leftarrow w_1] : \kappa$ (prop. 3 4 6)
8. $A_2[x_1 \leftarrow w_1] =_\beta C_2[x_1 \leftarrow w_1]$
9. $\Gamma \vdash_r w_2 : C_2[x_1 \leftarrow w_1]$ (conv 5 7 8)

Finally, we apply the induction hypothesis of the first premise on those now well-typed $\vec w$ to get a term $t$ satisfying

$$\Gamma \vdash_r t : B\,\vec w$$

□

The two previous lemmas can be summed up by the following statement:

Corollary 10. If $\Gamma \vdash_r B : \kappa$ holds with $B$ closed, then there exists a term $t$ such that $\Gamma \vdash_r t : B$.

So the pedagogical character of the calculus follows, every type of a well-formed environment being inhabited:

Theorem 11 (Poincaré criterion). If $x_1 : A_1, \ldots, x_n : A_n\ \mathrm{wf}_r$ holds, then there exist terms $t_1, \ldots, t_n$ such that

$$\vdash_r t_1 : A_1 \qquad \vdash_r t_2 : A_2[x_1 \leftarrow t_1] \qquad \cdots \qquad \vdash_r t_n : A_n[x_1, \ldots, x_{n-1} \leftarrow t_1, \ldots, t_{n-1}]$$

Proof. By induction on the size $n$ of the environment.

From the derivation $x_1 : A_1, \ldots, x_n : A_n\ \mathrm{wf}_r$, we have $\vdash_r A_1 : \kappa$ as a sub-derivation, where $A_1$ is closed. So by corollary 10, we get $t_1$ such that

$$\vdash_r t_1 : A_1$$

Then by property 3 we have $x_2 : A_2[x_1 \leftarrow t_1], \ldots, x_n : A_n[x_1 \leftarrow t_1]\ \mathrm{wf}_r$. In the same way, we construct $t_2$ such that

$$\vdash_r t_2 : A_2[x_1 \leftarrow t_1]$$

and then $x_3 : A_3[x_1, x_2 \leftarrow t_1, t_2], \ldots, x_n : A_n[x_1, x_2 \leftarrow t_1, t_2]\ \mathrm{wf}_r$.

□

This so named "motivation" may be transmitted to the conclusion of judgments:

Corollary 12. If $x_1 : A_1, \ldots, x_n : A_n \vdash_r u : B$ holds, then there exist terms $t_1, \ldots, t_n$ such that

$$\vdash_r t_1 : A_1 \qquad \vdash_r t_2 : A_2[x_1 \leftarrow t_1] \qquad \cdots \qquad \vdash_r t_n : A_n[x_1, \ldots, x_{n-1} \leftarrow t_1, \ldots, t_{n-1}]$$

and

$$\vdash_r u[\vec x \leftarrow \vec t] : B[\vec x \leftarrow \vec t]$$

Proof. Immediate by applying $n$ times the property 3 using the terms obtained from the theorem. □

Theorem 13 (usefulness). If $\vdash_r f : \forall x^A.B$ holds, then there exists a term $u$ such that $\vdash_r u : A$.

Proof. From $\vdash_r f : \forall x^A.B$, by lemma 2 we have $\vdash_r \forall x^A.B : \kappa$, then $x : A \vdash_r B : \kappa$, which implies that $x : A\ \mathrm{wf}_r$ and finally by theorem 11 we construct $u$. □

5 Limitations of the logical power of $\mathrm{CC}_r$

To introduce an hypothesis (which is not a variable) in an environment, it is necessary to first inhabit it. For instance, defining the Leibniz equality over a type $A$ by

$$x =_A y := \forall Q^{A \to \mathrm{Prop}}.Q\,x \to Q\,y$$

it is not possible to prove either symmetry or transitivity of this relation over $A$ (whatever this type is). Indeed, because we are not permitted to derive $A : \mathrm{Prop}, x : A, y : A \vdash_r x =_A y : \mathrm{Prop}$, we can not introduce $x =_A y$ as an hypothesis and then we are not allowed to use it.

Theorem 14. There is no term $u$ such that $\vdash_r u : \forall A^{\mathrm{Prop}}.\forall x^A.\forall y^A.x =_A y \to y =_A x$ holds.

Proof. Let us suppose such a term $u$ exists. So we have a sort $\kappa$ such that $A : \mathrm{Prop}, x : A, y : A \vdash_r x =_A y : \kappa$. And because $x =_A y$ is a product, by lemma 7, it is inhabited, say by $t$. But since $\mathrm{CC}_r$ is a restriction of CC, $A : \mathrm{Prop}, x : A, y : A \vdash t : x =_A y$ also holds in CC. Then, applying it to $\mathrm{N}$, $0$ and $1$, we get a proof of $0 = 1$ in the empty environment in CC, which is known to be impossible (by a simple combinatoric discussion about the normal form of such a term). □

In fact, this calculus does not even natively contain the simply typed λ-calculus:

Theorem 15. There is no term $u$ such that

$$A, B, C : \mathrm{Prop} \vdash_r u : (A \to B) \to (B \to C) \to (A \to C)$$

holds.

Proof. Using the same arguments as above, if such a $u$ exists, then the following judgment holds:

$$A : \mathrm{Prop}, B : \mathrm{Prop}, C : \mathrm{Prop} \vdash_r A \to B : \mathrm{Prop}$$

so there is an inhabitant $t$ of the product type $A \to B$ in $\mathrm{CC}_r$ and hence in CC, implying by the (abs) rule that

$$\vdash \lambda ABC^{\mathrm{Prop}}.t : \forall ABC^{\mathrm{Prop}}.A \to B$$

which can be specialized to $\mathsf{T}$ and $\bot$ to obtain a proof of $\mathsf{T} \to \bot$ and finally a proof of $\bot$ in the empty environment, which is impossible since CC is consistent.

□

Actually, every instance of the types in $\mathrm{CC}_r$ must be inhabited:

Theorem 16. If $x_1 : A_1, .., x_n : A_n \vdash_r B : \kappa$ holds, then for all terms $w_1, \ldots, w_n$ such that

$$\vdash_r w_1 : A_1 \qquad \vdash_r w_2 : A_2[x_1 \leftarrow w_1] \qquad \cdots \qquad \vdash_r w_n : A_n[x_1, \ldots, x_{n-1} \leftarrow w_1, \ldots, w_{n-1}]$$

there exists a term $t$ such that

$$\vdash_r t : B[\vec x \leftarrow \vec w]$$

Proof. The proof is trivial by applying $n$ times the substitution property 3, obtaining $\vdash_r B[\vec x \leftarrow \vec w] : \kappa$, inhabited by corollary 10. □

It is hard to precisely determine the logical expressiveness of $\mathrm{CC}_r$. We have at least the simply typed λ-calculus on closed (and then inhabited) types of $\mathrm{CC}_r$ (e.g. $\mathsf{T}$, $\mathrm{N}$, etc.). The proof is the same as the one of lemma 21 below.



6 Computational expressivity of $\mathrm{CC}_r$

Although the logical strength of $\mathrm{CC}_r$ seems quite poor, its computational power is at least that of Gödel's system T. We use the usual well-known way to define the terms, types (except cartesian product), and recursor (from iterator) of system T in lambda-calculus (see [Girard et al.(1990)]).

Definition 17.

$$\begin{array}{rcl}
\mathrm{N} & := & \forall A^{\mathrm{Prop}}.A \to (A \to A) \to A \\
0 & := & \lambda A^{\mathrm{Prop}}.\lambda x^A.\lambda f^{A \to A}.x \\
S(n) & := & \lambda A^{\mathrm{Prop}}.\lambda x^A.\lambda f^{A \to A}.f\,(n\,A\,x\,f) \\
\mathrm{it}_T(n, b, (y^T)\mathrm{step}) & := & n\,T\,b\,(\lambda y^T.\mathrm{step})
\end{array}$$

Lemma 18. The following rules are derivable:

$$\frac{\Gamma\ \mathrm{wf}_r}{\Gamma \vdash_r 0 : \mathrm{N} : \mathrm{Prop}} \qquad\qquad \frac{\Gamma \vdash_r n : \mathrm{N}}{\Gamma \vdash_r S(n) : \mathrm{N}}$$

$$\frac{\Gamma \vdash_r T : \mathrm{Prop} \qquad \Gamma \vdash_r n : \mathrm{N} \qquad \Gamma \vdash_r b : T \qquad \Gamma, y : T \vdash_r \mathrm{step} : T}{\Gamma \vdash_r \mathrm{it}_T(n, b, (y^T)\mathrm{step}) : T}$$

Lemma 19. The following reductions hold:

$$\begin{array}{rcl}
\mathrm{it}_T(0, b, (y^T)\mathrm{step}) & \twoheadrightarrow_\beta & b \\
\mathrm{it}_T(S(n), b, (y^T)\mathrm{step}) & \twoheadrightarrow_\beta & \mathrm{step}[y \leftarrow \mathrm{it}_T(n, b, (y^T)\mathrm{step})]
\end{array}$$

Definition 20 (simple types on N). Simple types on $\mathrm{N}$ are those obtained from $\mathrm{N}$ and $\to$.

Lemma 21. If $\Gamma\ \mathrm{wf}_r$ holds and $T$ is a simple type on $\mathrm{N}$, then there exists a term $t$ such that $\Gamma \vdash_r t : T : \mathrm{Prop}$.

Proof. By induction on $T$ (as a simple type on $\mathrm{N}$):

— If $T$ is $\mathrm{N}$, then $0$ fits.

— If $T$ is $A \to B$ where $A$ and $B$ are simple types on $\mathrm{N}$, then by the induction hypothesis on $A$, we get $\Gamma \vdash_r A : \mathrm{Prop}$ and by the ($\mathrm{env}_2$) rule we obtain $\Gamma, x : A\ \mathrm{wf}_r$. By the induction hypothesis on $B$, we get $\Gamma \vdash_r b : B : \mathrm{Prop}$, and weakening it we have $\Gamma, x : A \vdash_r b : B : \mathrm{Prop}$, and finally, by the (abs) and (prod) rules, $\Gamma \vdash_r \lambda x^A.b : A \to B : \mathrm{Prop}$.

□

$\mathrm{CC}_r$ does not allow us to derive the usual cartesian product defined by $A \times B := \forall C^{\mathrm{Prop}}.(A \to B \to C) \to C$. To simulate the recursor from the iterator, we define a restricted cartesian product $\mathrm{N} \times T$ for each simple type $T$ on $\mathrm{N}$, by encoding a natural into $T$.

Lemma 22. If $\Gamma\ \mathrm{wf}_r$ holds and $T$ is a simple type on $\mathrm{N}$ then there exist two terms $\mathrm{enc}_T$ and $\mathrm{dec}_T$ such that $\Gamma \vdash_r \mathrm{enc}_T : \mathrm{N} \to T$ and $\Gamma \vdash_r \mathrm{dec}_T : T \to \mathrm{N}$ and for every term $n$ we have $\mathrm{dec}_T(\mathrm{enc}_T\,n) \twoheadrightarrow_\beta n$.

Proof. By induction on $T$ (as a simple type on $\mathrm{N}$):

— If $T$ is $\mathrm{N}$, then we take the identity on $\mathrm{N}$ for $\mathrm{enc}_T$ and $\mathrm{dec}_T$.

— If $T$ is $A \to B$, we take

$$\begin{array}{rcl}
\mathrm{enc}_{A \to B} & := & \lambda x^{\mathrm{N}}.\lambda z^A.\mathrm{enc}_B\,x \\
\mathrm{dec}_{A \to B} & := & \lambda f^{A \to B}.\mathrm{dec}_B\,(f\,a)
\end{array}$$

where $a$ is a term of type $A$ obtained from lemma 21.

Definition 23. We define the following abbreviations for couples

$$\begin{array}{rcl}
\mathrm{N} \times T & := & (T \to T \to T) \to T \\
(n, t)_T & := & \lambda f^{T \to T \to T}.f\,(\mathrm{enc}_T\,n)\,t \\
\pi_1(c) & := & \mathrm{dec}_T\,(c\,(\lambda x^T.\lambda y^T.x)) \\
\pi_2(c) & := & c\,(\lambda x^T.\lambda y^T.y)
\end{array}$$

Lemma 24. The following rules are derivable:

$$\frac{\Gamma\ \mathrm{wf}_r}{\Gamma \vdash_r \mathrm{N} \times T : \mathrm{Prop}} \qquad\qquad \frac{\Gamma \vdash_r n : \mathrm{N} \qquad \Gamma \vdash_r t : T}{\Gamma \vdash_r (n, t)_T : \mathrm{N} \times T}$$

$$\frac{\Gamma \vdash_r c : \mathrm{N} \times T}{\Gamma \vdash_r \pi_1(c) : \mathrm{N}} \qquad\qquad \frac{\Gamma \vdash_r c : \mathrm{N} \times T}{\Gamma \vdash_r \pi_2(c) : T}$$

Lemma 25. The following reductions hold:

$$\pi_1((n, t)_T) \twoheadrightarrow_\beta n \qquad\qquad \pi_2((n, t)_T) \twoheadrightarrow_\beta t$$

Definition 26. We define the recursor from the iterator by

$$\mathrm{rec}_T(n, b, (x^{\mathrm{N}}, y^T)\mathrm{step}) := \pi_2[\mathrm{it}_{\mathrm{N} \times T}(n, (0, b)_T, (z^{\mathrm{N} \times T})\mathrm{step}')]$$

where

$$\mathrm{step}' := (S(\pi_1(z)),\ \mathrm{step}[x, y \leftarrow \pi_1(z), \pi_2(z)])_T$$

Lemma 27. The following rule is derivable:

$$\frac{\Gamma \vdash_r T : \mathrm{Prop} \qquad \Gamma \vdash_r n : \mathrm{N} \qquad \Gamma \vdash_r b : T \qquad \Gamma, x : \mathrm{N}, y : T \vdash_r \mathrm{step} : T}{\Gamma \vdash_r \mathrm{rec}_T(n, b, (x^{\mathrm{N}}, y^T)\mathrm{step}) : T}$$

Lemma 28. The following reductions hold:

$$\begin{array}{rcl}
\mathrm{rec}_T(0, b, (x^{\mathrm{N}}, y^T)\mathrm{step}) & \twoheadrightarrow_\beta & b \\
\mathrm{rec}_T(S(n), b, (x^{\mathrm{N}}, y^T)\mathrm{step}) & \twoheadrightarrow_\beta & \mathrm{step}[x, y \leftarrow n, \mathrm{rec}_T(n, b, (x^{\mathrm{N}}, y^T)\mathrm{step})]
\end{array}$$



7 Conclusions and directions for further work

We have seen a simple attempt to pedagogize the calculus of constructions. It has a good computational power (at least Gödel's system T) but lacks logical expressivity (it does not even natively contain the simply typed λ-calculus). A pleasant aspect is the simplicity of the added constraint, which also emphasizes that the (prod) rule is responsible for vacuity in CC.

The logical limitations of our calculus $\mathrm{CC}_r$ suggest a more precise definition for a calculus of constructions to be pedagogical: in a pedagogical calculus, we should be able to prove the symmetry of the Leibniz equality, because the non-emptiness of $x =_A y$ can be justified by substituting $\mathrm{N}$ for $A$ and $0$ for $x$ and $y$. It means that we not only need that a well-formed environment guarantees the non-emptiness of its types by exhibiting an example, but the converse should hold too.

But as it was already pointed out in section 3.2, the direct converse statement of the Poincaré criterion is not suitable. We then propose the following definition of a pedagogical subsystem of CC (whose judgments are indexed by $p$):

Definition 29 (pedagogical subsystem of CC). P is a pedagogical subsystem of CC if:

1. $x_1 : A_1, \ldots, x_n : A_n\ \mathrm{wf}_p$ holds if and only if

(a) $x_1 : A_1, \ldots, x_n : A_n\ \mathrm{wf}$ holds in CC,

(b) and there exist terms $t_1, \ldots, t_n$ such that

$$\vdash_p t_1 : A_1 : \kappa_1 \qquad \vdash_p t_2 : A_2[x_1 \leftarrow t_1] : \kappa_2 \qquad \cdots \qquad \vdash_p t_n : A_n[x_1, \ldots, x_{n-1} \leftarrow t_1, \ldots, t_{n-1}] : \kappa_n$$

2. the system is stable by reduction, namely if $\Gamma \vdash_p u : B$ and $u \to_\beta u'$, then $\Gamma \vdash_p u' : B$.

Remark. 1. The left to right side of the equivalence is already known as "the Poincaré criterion", and enforces P to be a subsystem of CC. The right to left side should then be named "the converse of the Poincaré criterion".

2. The subject reduction must be explicitly stated here since [Colson and Michel(2008)] defined a "simple pedagogical second-order propositional calculus ($\text{P}_s\text{-Prop}^2$)" verifying 1 but not 2.

One can show, keeping only the rules of CC necessary to define the second order λ-calculus and adding the constraints of the pedagogical second order λ-calculus of [Colson and Michel(2009)], that we obtain a calculus which is pedagogical in the new sense just defined. For instance, P-MPC and $\text{P-Prop}^2$ [see section 1] satisfy: there exists $F$ such that $\Gamma \vdash F$ if and only if there exists $\sigma$ such that $\vdash \sigma \cdot \Gamma$.

In the same way, we can construct more expressive pedagogical restrictions of CC: a hint is given by [Michel(2008)] where he studies pedagogical propositional higher order systems. It thus raises the question of formally characterizing a maximally expressive pedagogical restriction of CC.